CVE-2024-30850

HIGH EXPLOITED

Chaos RAT XSS to RCE

Title source: metasploit

Description

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2024-33434. Reason: This record is a duplicate of CVE-2024-33434. Notes: All CVE users should reference CVE-2024-33434 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.

Exploits (2)

nomisec WORKING POC 30 stars

by chebuya · client-side

https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by h00die, chebuya · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/chaos_rat_xss_to_rce.rb

View Code ZIP pw:eip

References (1)

[Exploit] https://blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents/

Scores

CVSS v3 8.8

EPSS 0.8045

EPSS Percentile 99.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-06-04

CWE

CWE-77

Status published

Products (2)

tiagorlampert/chaos 5.0.1

tiagorlampert/CHAOS 0 - 0.0.0-20220716132853-b47438d36e3aGo

Published Apr 12, 2024

Tracked Since Feb 18, 2026